Item: Mandiant Advantage Threat Intelligence
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

Threat Intel is the core of any SOC to function properly. Our analysts have been using Mandiant TI by various means.
The feeds are integrated to the SIEM and reference sets have been built around it. Additionally it's SaaS based portal is being used for IOC lookups, advisories and latest on-going threats.

Pros and Cons

Accuracy of the IOCs
UI for the SaaS based portal is quite friendly
API integration is quite easy

Tweaking the feeds as per threat profiling
Number of advisories being pushed
Brand List and Watch List Addition

Return on Investment

Notifications has made the analysts up to date all the times
Browser based plug-in saves costing for in house TIP
SaaS based solution saves cost of hosting

Alternatives Considered

Recorded Future Intelligence Cloud, Kaspersky Threat Management and Defense and IBM X-Force Exchange

There are multiple SaaS based players offering Threat Intel. But Mandiant TI has the following features which makes it one of the best among the competitors:
1.It understands recent actor, malware or vulnerability trends making it very easy for the analysts to do the research
2.Threat Profiling of the organization and setting the rules proactively hunt threat actors targeting the organization.
3.Accelerating the threat response by prioritizing the threats that matter most helping the analysts priortize the threats.
4.Access threat intelligence via the platform, the browser plugin or APIs

Usability

The ease of using Mandiant either in it's
1.SaaS based Portal
2.Browser Plug In
3.Integrating with API calling
makes it one of the most versatile tool to be used in the environment for adversaries.
Our analysts check the relevance of the IOCs usually offered across multiple premuim intels and Mandiant has proved to be one of the most accurate compared to the competitors. The UI is also quite interactive and easy to be understood by analysts.

Key Insights

Do you think Mandiant Advantage Threat Intelligence delivers good value for the price?

Yes

Are you happy with Mandiant Advantage Threat Intelligence's feature set?

Yes

Did Mandiant Advantage Threat Intelligence live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Mandiant Advantage Threat Intelligence go as expected?

Yes

Would you buy Mandiant Advantage Threat Intelligence again?

Yes

Other Software Used

Fortinet FortiGate, EclecticIQ Platform, Rapid7 InsightVM

Likelihood to Recommend

Usually SOC leverages Intel from mutiple sources. The scenarios are:

1.Suitable: In large scale SOC where more than 5000 devices are being monitored and the tech stack is wide, Mandiant will play an excellent role in that scenario.
2.Not Suitable: In small scale SOCs wherein limited devices belonging to the same tech stack is being used then the analysts can rely on OSINT and it is not useful to buy the solution.

Mandiant TI: To keep your organization's Security Posture rock solid!

Overall Satisfaction with Mandiant Advantage Threat Intelligence